General

  • Target

    a62334b80eeebe5073f3dab446f27870_JaffaCakes118

  • Size

    17KB

  • Sample

    241127-f3j8vawmbn

  • MD5

    a62334b80eeebe5073f3dab446f27870

  • SHA1

    5788c9db1d4abb9e36ed87e178fcf7da84f00aab

  • SHA256

    370a1ff7670051900c30da978d6fa4817503ba83bdec99856934af91370096ef

  • SHA512

    789459d2851d8e4c9b646f91e233c2859de30f3f6f30f440ae59bc74800efb482b2bb47d9800eb3f9c9cefc714633cf167198c1a4732886124b7a77948e42335

  • SSDEEP

    384:yebFNw4Pk1itKkpAjjI2YpdmvgqSNrPLv:y0FmBkpKjPYpZ

Malware Config

Targets

    • Renames multiple (2189) files with added filename extension

      This suggests ransomware activity: encrypting all of the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks